deploy-quinn-my (and any workspace build) hung for the full job timeout at the
`lixbuild` step with zero output, then got killed. Root cause: package.json +
bun.lock pinned two deps to npm.apricot.lan dev-version tarballs —
@lilith/ui-imessage -> http://npm.apricot.lan:4874/...1.0.3-dev....tgz (root)
@lilith/ui-messaging -> http://npm.apricot.lan:4874/...1.2.4-dev....tgz (messages/frontend-user)
Apricot was decommissioned 2026-06-19, so npm.apricot.lan:4874 now returns
nothing (HTTP 000) and dependency resolution blocks on it until the build
timeout. The 1.0.3-dev / 1.2.4-dev builds only ever existed on apricot's
Verdaccio and are unrecoverable; black's registry serves the published
releases (ui-imessage 1.0.2, ui-messaging 1.2.3). Repoint both to those and
regenerate bun.lock against npm.black.lan — 0 apricot refs remain, all @lilith
tarball URLs now point at forge.black.lan (reachable from the on-black runner).
frozen-lockfile check passes clean.
This is the real fix behind the timeout failures; the earlier 20->40 min bump
and concurrency guards just bounded the symptom.
Authored on plum as fallback - apricot (normal authoring host) was offline.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Six packages had a typecheck script but were matched by no root `workspaces`
glob, so a clean `bun install --frozen-lockfile` never installed their deps —
the per-package `tsc` in typecheck-all.sh then failed to resolve modules
(@types/bun, pg, @lilith/configs base tsconfig, @modelcontextprotocol/sdk,
@lilith/mcp-common, …). This was the root cause behind the bulk of the verify
job's failures, incl. quinn-ai/engine's 110 errors (its tsconfig `extends`
couldn't resolve @lilith/configs → tsc fell back to ES3 lib → cascade).
Added: codebase/@features/{score-refresh,event-scrapers}, quinn-ai/gateway,
quinn-messenger/mcp, api/src/mcp-prospector, and the existing `*/engine` glob.
bun.lock is unchanged — every new member's deps were already pinned by sibling
workspaces. Verified locally: all six now typecheck clean.
(api/src/scripts can't be a member — its package.json name collides with the
parent @quinn/api — but it resolves via hoisting and typechecks clean anyway.)
Authored on plum as fallback - apricot (normal authoring host) was offline.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Root package.json referenced @lilith/ui-icons ^1.2.4 in both dependencies
and overrides, but the package source at @packages/@ts/@ui-react/packages/
ui-icons is still at 1.2.3 and Verdaccio has no 1.2.4 published. This
phantom pin caused `bun install --frozen-lockfile` to fail in CI with
'No version matching ^1.2.4 found for specifier @lilith/ui-icons'.
Bun.lock regenerated against ^1.2.3.
